8
8 Security Against Black-Box Attacks Assume subsets contain k out of n total watermarked coefficients. The following limits the information attacker can obtain during each query to the black-box detector: Lemma (Threshold Phenomenon): Consider a watermarked image, and set p = k/n. Assume the attacker changes X coefficients in the transform plane, and |pX 1/2| > L, where L is a constant. Let S i, where i n, be the random subsets choosen by the detector. Let D 1 and D 2 denote the detector values that are output to the attacker. For every r > 0, we have Pr [|D 1 D 2 | r] e cn for some constant c, where is the space of coin flips used by the detector. Consequence: If the attacker changes too few coefficients, the attack will fail with high probability (i.e., values output by detector change little despite attackers arbitrary modifications to coefficients).

14
14 Conclusion New methods proposed to enhance the security of spread-spectrum watermarking against cryptanalysis. Ultimate security of spread-spectrum watermarking remains an open problem. Are there practical spread-spectrum methods provably robust against both cryptanalysis and signal-processing attacks?